Re: administrator unable to logon interactively

From: neo [mvp outlook] (neo@mvps.org)
Date: 10/20/02 

From: "neo [mvp outlook]" <neo@mvps.org>
Date: Sat, 19 Oct 2002 23:34:02 -0700

And why can't you if it is a Active Directory domain and you are forcing the
security settings via the Domain Controller group policy object? (Just
confused on your reasoning since I can control all GPO objects from a member
server that has Exchange 2k on it.)

"Steven L Umbach" <n9rou@attbi.com> wrote in message
news:HPms9.16616$%d2.16418@sccrnsc01...
> You can't modify security settings remotely that way (everything
> but). Hopefully you have been doing system state backups and a
authoritatve
> restore should fix the problem. There is another way though if that is not
> an option assuming you can access the dcs' administrative shares from
> another computer. You could create a startup script that uses secedit to
> modify the security settings. You could use or create a security template
> that would either merge or replace the current security settings. You
would
> need to copy the .inf template and script to the dc and then remotely
modify
> startup script group policy on the dc controllers from a mmc group policy
> snap in on another domain machine. Reboot the dc and you should be in
> business. If you are not familiar with secedit, the online help for it is
> pretty extensive. Good luck. --- Steve
>
>
> "neo [mvp outlook]" <neo@mvps.org> wrote in message
> news:ulx4un2dCHA.1540@tkmsftngp11...
> > Have you tried installing the administrative pack on a windows 2000
member
> > server/workstation and modify the domain policy from there?
> >
> > "praks25" <praks25@aol.com> wrote in message
> > news:748001c27700$a0dfebd0$3bef2ecf@TKMSFTNGXA10...
> > > A member of the administrators group accidentally removed
> > > the "administrators" group from rights to logon
> > > interactively in the "domain controller policy settings"
> > > at the domain controller. this was immediately replicated
> > > to the secondary domain controller and no one in the
> > > administrators group including the administrator can logon
> > > to the primary domain controller or the secondary domain
> > > controller.
> > > the message received at logon attempts is this
> > > " the group policy of this system does not allow you to
> > > logon interactively"
> > > Is there anyway to fix this problem?
> > > Since the administrator cannot logon interactively the
> > > domain cannot be administered.
> > > any help would be appreciated
> > > thank You
> > > praks25
> >
>
>